package university;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

@WebServlet(name = "LoginAuth", urlPatterns = { "/LoginAuth" })
public class LoginAuth extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request,
	    HttpServletResponse response) throws ServletException, IOException {
	response.getWriter().write(
		"E: Access denied. use Post method to call the servlet.");
    }

    protected void service(HttpServletRequest request,
	    HttpServletResponse response) throws ServletException, IOException {

	Context ctx = null;
	DataSource ds = null;
	Connection con = null;
	PreparedStatement stmt = null;
	ResultSet rs = null;
	PrintWriter out = response.getWriter();
	HttpSession session = request.getSession(true);
	try {
	    ctx = new InitialContext();
	    ds = (DataSource) ctx.lookup("jdbc/myDB");
	    con = ds.getConnection();
	    /*
	     * // PostgreSQL JDBC lines:
	     * 
	     * try { Class.forName("org.postgresql.Driver"); con =
	     * DriverManager.getConnection(
	     * "jdbc:postgresql://localhost:5432/jee","scott", "tiger"); } catch
	     * (ClassNotFoundException e){ System.out.println("driversw:" +
	     * e.toString()); } catch (SQLException e) {
	     * System.out.println("connection:" + e.toString()); }
	     */
	    stmt = con
		    .prepareStatement("select password from UniLoginDB where login=?");
	    stmt.setString(1, request.getParameter("login"));
	    rs = stmt.executeQuery();
	    if (rs.next())
		if (rs.getString(1).equals(request.getParameter("pswd"))) {
		    out.write("Login success, loading.....");
		    // forward();
		} else {
		    out.write("Acces Denied: invalid Password.");
		    // forwardErrpage();
		}
	    else {
		out.write("Acces Denied: invalid LoginID.");
		// forwardErrpage();
	    }

	} catch (SQLException e) {
	    out.write("Error:" + e.toString());
	} catch (NamingException e) {
	    out.write("Error:" + e.toString());
	}
	try {
	    rs.close();
	    stmt.close();
	    con.close();
	} catch (SQLException e) {
	    out.write("Close resource:" + e.toString());
	}
    }
}
/*
 * Idea forward the error msg alogin with count to error jsp. The error jsp will
 * store the cookie to client browser LoginAuthservlet will read the cookie and
 * if count>3 it will deny access.
 */

/*
 * database information: (PostgreSQL syntax)
 * 
 * drop table uniloginDB;
 * 
 * create table UniLoginDB( login varchar(20) primary key, password varchar(20)
 * not null );
 * 
 * insert into UniLoginDB values ('karthik','hello'); insert into UniLoginDB
 * values ('root','toor'); insert into UniLoginDB values ('user','welcome');
 */